Web Penetration Testing using Nikto
|Web Penetration Testing using Nikto|
Nikto is a web server assessment tool. It is designed to find various default and insecure files, configurations and programs on any type of web server.
Default files and programs
Insecure files and programs
Outdated servers and programs
Nikto is built on LibWhisker (by RFP) and can run on any platform which has a PERL environment. It supports SSL, proxies, host authentication, IDS evasion and more. It can be updated automatically from the command-line, and supports the optional submission of updated version data back to the maintainers.
The name “Nikto” is taken from the movie “The Day the Earth Stood Still”, and of course subsequent abuse by Bruce Campbell in “Army of Darkness”. More information on the pop-culture popularity of Nikto can be found at http://www.blather.net/blather/2005/10/klaatu_barada_nikto_the_day_th.html